Securing Substations with Trust, Risk Posture, and Multi-Agent Systems: A Comprehensive Approach
Kwasi Boakye-Boateng, Ali A. Ghorbani, Arash Habibi Lashkari
Abstract
The Smart Grid is an IT-integrated power grid that generates, transmits, and distributes electricity to households and businesses. The substation is a crucial element of the Smart Grid’s operation, which adjusts voltages during the entire process. The integration of IT has increased in the substation’s attack surfaces. Sophisticated attacks such as the Pipeline APT contain multi-protocol modules for various devices. Performance constraints make substations a unique case; hence it is challenging to implement encryption and intrusion detection systems. We believe trust can tackle this problem. We present an improved trust model that detects protocol-based attacks toward an IED/SCADA HMI. This model is included within a multi-agent-based trust management system that computes the substation’s risk posture. Our proposed design was implemented in a Docker-based testbed environment with a SOC-influenced dashboard to provide real-time updates. The implementation was subjected to three attack scenarios: external attack, internal attack from compromised SCADA HMI, and internal attack from a compromised non-trusted IED. We observed that our model was robust against all attacks except for the baseline replay and delay response attacks. Detecting these attacks will be considered for future work as well as trust transferability. Our institute’s website provides a publicly available dataset containing captures of our MAS testbed.